(54) A system and method for manipulating a computer file and/or program

(57) A system for manipulating a computer file and/or program. The system includes a serving device having access to a computer file and/or program which is unencrypted and which can encrypt the unencrypted computer file and/or program to become an encrypted computer file and/or program and transfer it. The system includes a connector connected to the serving device on which the encrypted computer file and/or program travels and to which the serving device transfers the encrypted computer file and/or program. The system includes a client device which receives the encrypted computer file and/or program and decrypts the encrypted computer file and/or program back to the unencrypted computer file and/or program. The client device does not allow intervention to the encrypted computer file and/or program during a time when the encrypted computer and/or file program is received. The serving device is separate, apart and distinct from the client device. A method for manipulating a computer file and/or program. The method includes the steps of suspending intervention by a user at a client device of the client device. Then there is the step of encrypting an unencrypted computer file and/or program at the server device to form an encrypted computer file and/or program. Next there is the step of transferring the encrypted computer file and/or program to the client device along a connector connected to the client device and the server device. Then there is the step of reestablishing the intervention of the client device by the user.
Description

FIELD OF THE INVENTION 

[0001] The present invention is related to a method and system to automatically invoke functionality of an operating system during the encrypted transmission and encrypted storage of computer files and/or computer programs from one computing device to another computing device.

BACKGROUND OF THE INVENTION 

[0002] The secure transmission of computer files via communication means has increased in importance with the proliferation of the Internet for electronic distribution and electronic commerce. The fundamental shift from physical delivery of computer files and/or computer programs to digital based electronic transmission has commenced with the Internet emerging as a ubiquitous low cost network. As in previous technological advancements such as the transition from newspaper to radio and then to television, media companies of the time were forced to react to the emergence of these new mediums. However, unlike previous technological transitions, the Internet as a medium supports all of the functionality of the traditional print, radio and television industries while simultaneously supporting electronic commerce as well. Currently, many businesses utilize the Internet to sell or give away their computer files and/or computer programs via the Internet and in most cases, the computer files are not encrypted for protection against piracy or illegal use. Additionally the current approach relating to the secure transmission and storage of computer files fails to leverage encryption functionality of a computing device's operating system. The current approach calls for a computing device acting as a server (the "Serving Device") to communicate with another computing device acting as a client (the "Client Device") to transfer encrypted files for decryption at the application level (such as, but not limited to, Win32 Application) of the Client Device. The Client Device utilizes a computer program running at the application level for decryption, which is assigned a unique decryption "key." During the transmission process, the Serving Device encrypts the computer file for storage using the decryption "key" of the Client Device. The encrypted computer file is then transmitted via the Internet and saved into storage within, or connected to, the Client Device. After decryption of the computer file, the decrypting computer program transmits a decrypted signal to the operating system for display or, in the case of an audio file, playback through the sound card. The decrypted signal can be vulnerable when transmitted from the decrypting application to the operating system, and the signal can be intercepted, possibly resulting in the illegal duplication of the computer file.
[0003] Addressing certain aspects of computer file and computer program encryption, the Microsoft Corporation published in 1998 a white paper titled "Microsoft Windows NT version 5.0, Public Key Infrastructure", incorporated by reference herein, (hereinafter the "Windows 2000 PKI White Paper"), detailing encryption functionality of a comprehensive public key infrastructure (PKI) in the Windows 2000 family of operating systems (formerly referred to as Windows NT 5.0). The Windows 2000 PKI White Paper stated on the cover page thereof, "Microsoft Windows NT version 5.0 introduces a comprehensive public key infrastructure (PKI) to the Windows platform. This utilizes and extends the Windows-based public key (PK) cryptographic services introduced over the past few years, providing an integrated set of services and administrative tools for creating, deploying, and managing PK-based applications. This allows application developers to take advantage of the shared-secret security mechanisms or PK-based security mechanism in Windows NT as appropriate. At the same time, enterprises gain the advantage of being able to manage the environment and applications based on consistent tools and policy mechanisms."
[0004] Furthermore, and with special emphasis on the encryption functionality of the Public Key Infrastructure of the Windows 2000 family of operating systems, the Windows PKI White Paper stated, "The Web has rapidly become a key element in creating and deploying solutions for the effective exchange of information on a worldwide basis. In particular, growth in its use for business purposes has been dramatic. For many uses, security is a key consideration. Notably: Server authentication - To enable clients to verify the server they are communicating with. Client authentication - To allow servers to verify the client's identity and use this as a basis for access control decisions. Confidentiality - Encryption of data between clients and servers to prevent its exposure over public Internet links.
[0005] The Secure Sockets Layer (SSL) and the emerging IETF standard Transport Layer Security (TLS) protocols play an important role in addressing these needs. SSL and TLS are flexible security protocols that can be layered on top of other transport protocols. They rely on PK-based authentication technology and use PK-based key negotiation to generate a unique encryption key for each client and/or server session. They are most commonly associated with Web-based applications and the HTTP protocol (referred to as HTTPS).
[0006] SSL and TLS are supported on the Windows platform by the secure channel (schannel) SSPI provider. Microsoft Internet Explorer and Internet Information Services both use schannel for this functionality. Because schannel is integrated with Microsoft's SSPI architecture, it is available for use with multiple protocols to support authenticated and/or encrypted communications.

[0007] Taking full advantage of the SSL and TLS protocols requires both clients and servers to have identification certificates issued by mutually trusted CAs, allowing the parties to authenticate each other. In this mode, certificates are exchanged along with data that proves possession of the corresponding private key. Each side can then validate the certificate and verify possession of the private key using the certificate's public key. The identifying information included in the certificate can then be used to make supplemental access control decisions. For example, the client can decide whether the server is someone it wishes to conduct business with and the server can decide what data the client will be allowed access.

[0008] The Windows NT 5.0 PKI integrates support for the latter decisions as a standard feature of Windows NT Server. User certificates can be mapped on a one-to-one or many-to-one basis against security principals (User objects) in the Active Directory. Schannel can take advantage of this information to automatically synthesize a security token for the client such that the Windows NT ACL mechanisms are used to enforce access control to resources. This is advantageous for services in that they can utilize the identical access control mechanism independent of the client authentication mechanism used (PK or Kerberos).
[0009] Once the client and server have authenticated each other, they can proceed to negotiate a session key and begin communicating securely. SSL and TLS are also often employed in a mode that doesn't require client authentication. Use of mutual authentication is recommended in the enterprise environment however, because it allows you to make use of the Windows-based access control mechanisms. Also, the PKI significantly simplifies certificate enrollment and management reducing the burden on the client."
[0010] In another white paper published by the Microsoft Corporation in September 1998, titled "Windows NT Workstation 5.0 Key Benefits and Capabilities Whitepaper", incorporated by reference herein, (the "Windows 2000 Workstation White Paper") Microsoft provides additional detail on encryption functionality of the Windows 2000 family of operating systems. The Windows 2000 Workstation White Paper stated on page 30 thereof, "Windows NT Workstation 5.0 provides support for Public Key security, an industry-standard authentication protocol used over public networks, such as the Internet. The most important use of Public Keys is for digital signatures, which assure authenticity of components, including that: E-mail came from the sender; E-mail cannot be viewed or edited by other users; Applications and drivers come from known sources; Software is protected from tampering after installation; The identity of a remote computer is guaranteed; Secure Internet communication is allowed; Strong encryption is allowed, such as that needed for secure transactions.

[0011] While other platforms, such as any Windows platform running Internet Explorer 4.0, support the use of Public Keys, Windows NT Workstation 5.0 goes further by providing a more robust infrastructure for creating certificates, "trusts" with other systems, and secure storage for certificates."

[0012] The Windows 2000 Workstation White Paper expands on secure virtual private network services, stating on page 31 thereof, "In addition to PPTP, today's most common method, Windows NT Workstation 5.0 supports several new, more secure methods of creating Virtual Private Networks, including: L2TP (Layer 2 Tunneling Protocol), a more secure version of PPTP, for tunneling, address assignment, and authentication; IPSEC (IP Security Protocol), a standard-based protocol that provides the highest levels of VPN security. With IPSEC, virtually everything above the networking layer can be encrypted. This provides end-to-end privacy, integrity, and authenticity over public networks. The IPSEC method is transparent to applications and protocols. Microsoft is working closely with vendors to support hardware acceleration for IPSEC through NDIS interfaces.

[0013] Windows NT Workstation 5.0 also provides 
an enhanced Network Connections dialog that makes it 
easier for users to create VPNs (see the "Simplicity" 
section)." 

[0014] Additionally, Microsoft discusses storage encryption functionality within the Windows 2000 family of operating systems in the Windows 2000 PKI White Paper, describing an encrypting file system (EFS) which resides in the Windows 2000 kernel. Microsoft states in the Windows 2000 PKI White Paper on pages 21 and 22 thereof, "The Windows NT 5.0 Encrypting File System (EFS) supports transparent encryption and decryption of files stored on a disk in the Windows NT file system (NTFS). The user can designate individual files to encrypt, or folders whose contents are to be maintained in encrypted form. Applications have access to a user's encrypted files in the same manner as unencrypted files. However, they will be unable to decrypt any other user's encrypted files.

[0015] EFS makes extensive use of PK-based technology to provide mechanisms for encrypting files to multiple users as well as supporting file recovery. To do this, it utilizes the ability of PK to support bulk encryption without prior shared secrets. In operation, each EFS user generates a public key pair and obtains an EFS certificate. The certificate will be issued by an enterprise CA in the Windows NT 5.0 domain, although EFS will generate a self-signed certificate for stand-alone operation where data sharing is not an issue. In addition, Windows NT 5.0 supports an EFS recovery policy in which trusted recovery agents can be designated. These agents generate an EFS recovery public key pair and will be issued an EFS recovery certificate by the enterprise CA. The certificates of the EFS recovery agents are published to domain clients with the Group Policy Object.

[0016] In operation, for each file to be encrypted EFS creates a random key that is used to encrypt the file. The user's EFS public key is then used to encrypt this secret key and associate it with the file. In addition, a copy of the secret key, encrypted with each recovery agent's EFS public key, is associated with the file. No plaintext copy of the secret key is stored in the system.

[0017] When retrieving the file, EFS transparently unwraps the copy of the secret key encrypted with the user's public key using the user's private key. This is then used to decrypt the file in real time during file read and write operations. Similarly, a recovery agent may decrypt the file by using the private key to access the secret key."
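
The per-file key wrapping described in the quoted passage above, as an added example that is not part of the patent text or of Microsoft's white paper. It assumes the Python `cryptography` package; AES-GCM and RSA-OAEP are stand-ins chosen for the illustration, not the algorithms or on-disk format EFS uses, and every name in it is hypothetical.

```python
"""Model of EFS-style per-file key wrapping (added illustration, not EFS itself)."""
import os
from dataclasses import dataclass, field

from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Assumption: RSA-OAEP/SHA-256 wraps the file key; EFS's real choices differ.
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


@dataclass
class EncryptedFile:
    nonce: bytes
    ciphertext: bytes
    # principal name -> file key encrypted under that principal's public key
    wrapped_keys: dict = field(default_factory=dict)


def new_key_pair():
    """Key pair for a user or a recovery agent."""
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def encrypt_file(plaintext, recipients):
    """Encrypt once under a random file key, then wrap that key per recipient.

    recipients maps a name to an RSA public key (the user plus each recovery
    agent). The file key itself is never stored, only its wrapped copies.
    """
    file_key = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)
    enc = EncryptedFile(nonce, AESGCM(file_key).encrypt(nonce, plaintext, None))
    for name, public_key in recipients.items():
        enc.wrapped_keys[name] = public_key.encrypt(file_key, OAEP)
    return enc


def _unwrap(enc, name, private_key):
    wrapped = enc.wrapped_keys.get(name)
    if wrapped is None:
        raise PermissionError(f"no wrapped key stored for {name!r}")
    try:
        return private_key.decrypt(wrapped, OAEP)
    except ValueError as exc:  # wrong private key for this entry
        raise PermissionError(f"private key does not match entry {name!r}") from exc


def decrypt_file(enc, name, private_key):
    """Unwrap the file key with the caller's private key, then decrypt."""
    file_key = _unwrap(enc, name, private_key)
    return AESGCM(file_key).decrypt(enc.nonce, enc.ciphertext, None)


def add_recipient(enc, holder, holder_key, new_name, new_public_key):
    """An existing key holder grants access without re-encrypting the file."""
    file_key = _unwrap(enc, holder, holder_key)
    enc.wrapped_keys[new_name] = new_public_key.encrypt(file_key, OAEP)


def can_decrypt(enc, name, private_key):
    try:
        decrypt_file(enc, name, private_key)
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    user, agent, outsider = new_key_pair(), new_key_pair(), new_key_pair()
    sample = b"constructed sample file contents"
    stored = encrypt_file(sample, {"user": user.public_key(),
                                   "recovery-agent": agent.public_key()})
    print("user reads file:", decrypt_file(stored, "user", user) == sample)
    print("agent recovers file:", decrypt_file(stored, "recovery-agent", agent) == sample)
    print("outsider blocked:", not can_decrypt(stored, "user", outsider))
```

The bulk ciphertext is written once; granting or recovering access only adds or uses a wrapped copy of the file key.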

[0018] Providing additional detail on the level of security of Microsoft's Encrypting File System, the Windows 2000 Workstation White Paper states on page 28 thereof, "An Encrypted File System (EFS) encrypts files on a hard disk. Each file is encrypted using a randomly generated key, which is independent of the users' public and/or private key pair. EFS resides in the Windows NT kernel and uses the non-paged pool to store file encryption keys, ensuring that they never reach the paging file. EFS is supported on a file or directory basis. Encryption and decryption is transparent to the user."
[0019] The instability of computing functions (such as, but not limited to, functions resulting in computing system crashes) is generally regarded as greater at the application level than at the operating system level. The closer the computing functions are to the core of the operating system, the more stable they are generally. If an application level decryption program becomes damaged or corrupted and reinstallation of another decryption program is required, a new "decryption key" is generated and the previously encrypted computer files, being encrypted to the old "decryption key," cannot be decrypted by the newly installed decryption program. Avoiding the encryption and/or decryption weaknesses inherent in application level programs, Microsoft has taken steps to protect lost "encryption and/or decryption keys" in the Windows 2000 PKI. Microsoft stated in the Windows 2000 PKI White Paper on page 14 thereof, "Public key pairs and certificates tend to have high value. If they are lost due to system failure, their replacement may be time consuming and result in monetary loss. To address these issues, the Windows NT 5.0 PKI supports the ability to back up and restore both certificates and associated key pairs through the certificate-management administrative tools."

SUMMARY OF THE INVENTION 

[0020] The present invention offers a new and improved method and system to automatically invoke certain functionality of a public key infrastructure and encrypting file system of operating systems to encrypt computer files or computer programs for electronic transmission between computing devices and encrypt those computer files or computer programs for subsequent storage, and restrict usage permissions and/or rights. The present invention instructs the operating systems of the computing devices to temporarily suspend user intervention until completion of the encrypted transmission and encrypted storage process to prevent unauthorized use or replication of the computer files or computer programs. The present invention instructs the public key infrastructure of a serving device to encrypt for transmission a computer file or computer program (and any accompanying permissions and/or rights established by the serving device) stored within, or connected to, the serving device then transmit said computer file or computer program to the client device. Upon receipt by the client device of said computer file or computer program (and any accompanying permissions and/or rights established by the serving device), the present invention automatically instructs the public key infrastructure of the client device to decrypt from transmission said computer file or computer program (and any accompanying permissions and/or rights established by the serving device) transmitted by the serving device. The present invention then instructs the encrypting file system of the client device to encrypt for storage, based on any permissions and/or rights as established by the serving device and which accompanied the computer file or computer program, and store the computer file or computer program. The present invention separates the storage encryption process from the transmission encryption process to enable encrypted transmission between computing devices running different operating systems, using industry standard communication protocols, then having the different operating systems execute their unique or proprietary storage encryption process. Furthermore, the most widely used operating systems support the encrypted transmission standards of the Internet; however, standards do not exist for operating system based encrypted storage. A unique benefit of the present invention is that it utilizes multiple encryption and/or decryption processes to provide an end-to-end solution for the encrypted transfer and storage of computer files and/or programs between computers running different operating systems. Instead of permanently encrypting a computer file and/or program for use on one specific decrypting device or computer, the present invention assigns permissions and/or rights to the computer file and/or program then tasks the encryption functionality of the operating system possessing the computer file and/or program to enforce the permissions and/or rights. In this way, flexible permissions and/or rights can be assigned to the computer file and/or program which follow it from computer to computer, from operating system to operating system, while being encrypted and decrypted, as necessary, along the way.

[0021] The present invention also offers a new and improved method and system to activate certain functionality of a public key infrastructure and encrypting file system of the client device to execute any permissions and/or rights which accompanied a given computer file or computer program. Permissions and/or rights (such as but not limited to number of plays, print outs, views, uses, copies, moves, relocations, time duration of use, number of users, etc.) will then be enforced by the encrypting file system in conjunction with the present invention. As an example, a computer file or computer program received by a client device could be accompanied with the permission or rights, as established by the serving device, allowing the user of the client device to move said computer file or computer program to another computing device (the "next client device"). In this example, the present invention would instruct the operating systems of the client device and the next client device to prevent user intervention until completion of the move. The present invention instructs the encrypting file system of the client device to decrypt said computer file or computer program. Then the present invention instructs the public key infrastructure of the client device to encrypt for transmission said computer file or computer program (and the permissions and/or rights established by the serving device), then transmit via communication means the computer file or computer program to the next client device. Upon receipt by the next client device of said computer file or computer program (and the permissions and/or rights established by the serving device), the present invention automatically instructs the public key infrastructure of the next client device to decrypt from transmission said computer file or computer program (and the permissions and/or rights established by the serving device) transmitted by the client device. The present invention then instructs the encrypting file system of the next client device to encrypt for storage based on the permissions and/or rights established by the serving device which accompanied said computer file or computer program during transmission from the client device, and store said computer file or computer program.

[0022] The present invention pertains to a system for manipulating a computer file and/or program. The system comprises a serving device having access to a computer file and/or program which is unencrypted and which can encrypt the unencrypted computer file and/or program to become an encrypted computer file and/or program and transfer it. The system comprises a connector connected to the serving device on which the encrypted computer file and/or program travels and to which the serving device transfers the encrypted computer file and/or program. The system comprises a client device which receives the encrypted computer file and/or program and decrypts the encrypted computer file and/or program back to the unencrypted computer file and/or program. The client device does not allow intervention to the encrypted computer file and/or program during a time when the encrypted computer and/or file program is received. The serving device is separate, apart and distinct from the client device.
[0023] The present invention pertains to a method for manipulating a computer file and/or program. The method comprises the steps of suspending intervention by a user at a client device of the client device. Then there is the step of encrypting an unencrypted computer file and/or program at the server device, to form an encrypted computer file and/or program. Next there is the step of transferring the encrypted computer file and/or program to the client device along a connector connected to the client device and the server device. Then there is the step of reestablishing the intervention of the client device by the user.

BRIEF DESCRIPTION OF THE DRAWINGS 

[0024] In the accompanying drawings, the preferred 
embodiment of the invention and preferred methods of 
practicing the invention are illustrated in which: 

Fig. 1 is a schematic diagram which may be used in carrying out the teachings of this invention for the purpose of automatically invoking functionality of the Operating System 60 of the Serving Device 10 to: encrypt and transmit a Computer File and/or Program 110, and its associated permissions and/or rights, to a Client Device 11 through use of a Transceiver 70 connected to a Communication Means 120. Fig. 1 is a schematic diagram which may also be used in carrying out the teachings of this invention for the purpose of automatically invoking functionality of the Operating System 61 of the Client Device 11 to: receive and decrypt a Computer File and/or Program 110, and its associated permissions and/or rights, from transmission from a Serving Device 10 through use of a Transceiver 71 connected to a Communication Means 120 and store an electronic copy thereof in RAM 81; encrypt and save said Computer File and/or Program 110 from RAM 81 to Storage 101 using said associated permissions and/or rights, and then erase any electronic copies of said Computer File and/or Program 110 from RAM 81; and

Fig. 2 is a schematic diagram which may be used in carrying out the teachings of this invention for the purposes of automatically invoking functionality of the Operating System 61 of the Client Device 11 to: decrypt a Computer File and/or Program 110 from Storage 101 and store an electronic copy thereof, and store the associated permissions and/or rights, in RAM 81; and encrypt and transmit a Computer File and/or Program 110, and its associated permissions and/or rights, to a Next Client Device 12 through use of a Transceiver 71 connected to a Communication Means 120; and then erase any electronic copies of said Computer File and/or Program 110 from RAM 81; and, in the case of a move of said Computer File and/or Program 110 from Storage 101 to Storage 102, then erase any electronic copies of said Computer File and/or Program 110 from Storage 101. Fig. 2 is a schematic diagram which may also be used in carrying out the teachings of this invention for the purposes of automatically invoking functionality of the Operating System 62 of the Client Device 12 to: receive and decrypt a Computer File and/or Program 110, and its associated permissions and/or rights, from transmission from a Client Device 11 through use of a Transceiver 72 connected to a Communication Means 120 and store an electronic copy thereof in RAM 82; encrypt and save said Computer File and/or Program 110 from RAM 82 to Storage 102 using said associated permissions and/or rights, and then erase any electronic copies of said Computer File and/or Program 110 from RAM 82; and

Fig. 3 is a computer programming flowchart which may be used in carrying out the teachings of this invention for the purpose of automatically invoking functionality of the Operating System 60 of the Serving Device 10 to: encrypt and transmit a Computer File and/or Program 110, and its associated permissions and/or rights, to a Client Device 11 through use of a Transceiver 70 connected to a Communication Means 120. Fig. 3 is a computer programming flowchart which may also be used in carrying out the teachings of this invention for the purpose of automatically invoking functionality of the Operating System 61 of the Client Device 11 to: receive and decrypt a Computer File and/or Program 110, and its associated permissions and/or rights, from transmission from a Serving Device 10 through use of a Transceiver 71 connected to a Communication Means 120 and store an electronic copy thereof in RAM 81; encrypt and save said Computer File and/or Program 110 from RAM 81 to Storage 101 using said associated permissions and/or rights, and then erase any electronic copies of said Computer File and/or Program 110 from RAM 81; and

Fig. 4 is a computer programming flowchart which may be used in carrying out the teachings of this invention for the purposes of automatically invoking functionality of the Operating System 61 of the Client Device 11 to: decrypt a Computer File and/or Program 110 from Storage 101 and store an electronic copy thereof, and store the associated permissions and/or rights, in RAM 81; and encrypt and transmit a Computer File and/or Program 110, and its associated permissions and/or rights, to a Next Client Device 11 through use of a Transceiver 71 connected to a Communication Means 120; and then erase any electronic copies of said Computer File and/or Program 110 from RAM 81; and, in the case of a move of said Computer File and/or Program 110 from Storage 101 to Storage 102, then erase any electronic copies of said Computer File and/or Program 110 from Storage 101. Fig. 4 is a computer programming flowchart which may also be used in carrying out the teachings of this invention for the purposes of automatically invoking functionality of the Operating System 62 of the Client Device 12 to: receive and decrypt a Computer File and/or Program 110, and its associated permissions and/or rights, from transmission from a Client Device 11 through use of a Transceiver 72 connected to a Communication Means 120 and store an electronic copy thereof in RAM 82; encrypt and save said Computer File and/or Program 110 from RAM 82 to Storage 102 using said associated permissions and/or rights, and then erase any electronic copies of said Computer File and/or Program 110 from RAM 82.

DETAILED DESCRIPTION 

[0025] Referring now to the drawings wherein like reference numerals refer to similar or identical parts throughout the several views, and more specifically to Figures 1 and 2 thereof, there is shown a system for manipulating a computer file and/or program. The system comprises a serving device 10 having access to a computer file and/or program which is unencrypted and which can encrypt the unencrypted computer file and/or program to become an encrypted computer file and/or program and transfer it. The system comprises a connector connected to the serving device 10 on which the encrypted computer file and/or program travels and to which the serving device 10 transfers the encrypted computer file and/or program. The connector can be communication means 120. The system comprises a client device 11 which receives the encrypted computer file and/or program and decrypts the encrypted computer file and/or program back to the unencrypted computer file and/or program. The client device 11 does not allow intervention to the encrypted computer file and/or program during a time when the encrypted computer and/or file program is received. The serving device 10 is separate, apart and distinct from the client device 11.
[0026] Preferably, the server device assigns permissions and/or rights to the unencrypted computer file and/or program which identifies what the client device 11 can do with the unencrypted or encrypted computer file and/or program after the client device 11 has received the encrypted computer file and/or program or after the client device 11 has decrypted the encrypted computer file and/or program back to the unencrypted computer file and/or program. The server device preferably encrypts the permissions and/or rights and transfers them to the client device 11 through the connector. The client device 11 decrypts the unencrypted permissions and/or rights.

[0027] Preferably, the serving device 10 includes controlling server software and/or firmware 30 which causes the encryption of the unencrypted computer file and/or program and the permissions and/or rights and instructs the client device 11 to temporarily suspend user intervention when the client device 11 receives the encrypted computer file and/or program and the encrypted permissions and/or rights. The client device 11 preferably includes controlling client software and/or firmware 31 which causes the decryption of the encrypted computer file and/or program. Preferably, the client device 11 has a mechanism for requesting the unencrypted computer file and/or program from the server device.

[0028] The controlling client software and/or
firmware 31 preferably causes the encryption of the
unencrypted computer file and/or program and the permissions
and/or rights for storage. Preferably, the client
device 11 has an operating system and the controlling
client software and/or firmware 51 instructs the operating
system to reestablish user intervention at a desired
time. The server device preferably has a server public
key infrastructure 41 which encrypts using encrypted
communication protocols the permissions and/or rights
and the unencrypted computer file and/or program.
[0029] Preferably, the client device 11 has a client
public key infrastructure 42 which decrypts from transmission
the permissions and/or rights and encrypted
computer file and/or program using encrypted communication
protocols. The client device 11 preferably
includes an encrypting file system 51 which encrypts
the unencrypted computer file and/or program and the
permissions and/or rights and allows for the manual
selection of the unencrypted computer file and/or program
for encryption or decryption. Preferably, the client
public key infrastructure 42 has an encryption and/or
decryption key and the encrypting file system 51 uses
the encryption and/or decryption key utilized by the client
public key infrastructure 42.
[0030] The system preferably includes a next client
device 20 connected to the client device 11 through the
connector. Preferably, the controlling client software
and/or firmware 31 moves or copies the encrypted computer
file and/or program to the next client device 20
through the second connector, said client device 11
having a controlling next client software and/or firmware
which decrypts the received encrypted computer file
and/or program and the encrypted permissions and/or
rights and temporarily suspends user intervention of the
next client device 20 while the encrypted computer file
and/or program is received by the next client device 20.
Preferably, the connector includes a communication
link; the server device includes a transmitter connected
to the communication link for transferring the encrypted
computer file and/or program and unencrypted permissions
and/or rights to the communication link, and the
client device 11 includes a receiver connected to the
communication link which receives the encrypted computer
file and/or program and the encrypted permissions
and/or rights from the communication link. The
connector is preferably part of the Internet or other
communication network.

[0031] The present invention pertains to a method
for manipulating a computer file and/or program. The
method comprises the steps of suspending intervention
by a user at a client device 11 of the client device 11.
Then there is the step of encrypting an unencrypted
computer file and/or program at the server device to
form an encrypted computer file and/or program. Next
there is the step of transferring the encrypted computer
file and/or program to the client device 11 along a connector
connected to the client device 11 and the server
device. Then there is the step of reestablishing the intervention
of the client device 11 by the user.
[0032] Before the transferring step, there is preferably
the step of encrypting permissions and/or rights of
the unencrypted computer file and/or program and
transferring the encrypted permission and/or rights to
the client device 11 along the connector from the server
device. Preferably, before the encrypting the unencrypted
computer file and/or program step there is the
step of requesting by the client device 11 the unencrypted
computer file and/or program of the server
device. After the requesting step there is preferably the
step of copying a primary unencrypted computer file
and/or program to form the unencrypted computer file
and/or program.

[0033] Preferably, before the reestablishing step,
there is the step of decrypting the encrypted computer
file and/or program back to the unencrypted computer
file and/or program at the client device 11. After the
decrypting step, there are preferably the steps of
encrypting the unencrypted computer file and/or program
and permissions and/or rights at the client device
11 and storing the encrypted computer program and/or
file and the encrypted permissions and/or rights in the
client device 11. Preferably, after the storing step, there
is the step of transferring the encrypted computer file
and/or program to a next client device 20 connected to
the client device 11 by the connector.
[0034] Referring now to the drawings wherein like
reference numerals refer to similar or identical parts
throughout the several views, and more specifically to
Fig. 1 and Fig. 3 thereof, there are shown apparatuses
30 and 31 for invoking functionality of the Operating
Systems 60 and 61 of computing devices Serving
Device 10 and Client Device 11, respectively. The apparatuses
30 and 31 are connected to the Operating Systems
60 and 61 of computing devices Serving Device
10 and Client Device 11, respectively. The apparatus 30
comprises a means or mechanism for invoking functionality
of an Operating System 60 of a Serving Device 10
to: instruct the apparatus 31 to instruct the Operating
System 61 to temporarily suspend user intervention of
the Client Device 11 during the execution of the functionality
of the apparatus 30 and 31; conduct encrypted
communications through use of a Transceiver 70 connected
to a Communication Means 120; encrypt and
transmit a Computer File and/or Program 110, and its
associated permissions and/or rights, to a Client Device
11 through use of a Transceiver 70 connected to a Communication
Means 120. The apparatus 31 comprises a
means or mechanism for invoking functionality of an
Operating System 61 of a Client Device 11 to: instruct
the Operating System 61 to temporarily suspend user
intervention of the Client Device 11 during the execution
of the functionality of the apparatus 30 and 31; conduct
encrypted communications through use of a Transceiver
70 connected to a Communication Means 120;
receive and decrypt a Computer File and/or Program
110, and its associated permissions and/or rights, from
transmission from a Serving Device 10 through use of a
Transceiver 71 connected to a Communication Means
120 and store an electronic copy thereof in RAM 81;
encrypt and save said Computer File and/or Program
110 from RAM 81 to Storage 101 using said associated
permissions and/or rights, and then erase any electronic
copies of said Computer File and/or Program 110
from RAM 81; instruct the Operating System 61 to
restore user intervention of the Client Device 11 upon
completion of the execution of the functionality of the
apparatus 30 and 31.
[0035] Referring now to the drawings wherein like
reference numerals refer to similar or identical parts
throughout the several views, and more specifically to
Fig. 2 and Fig. 4 thereof, there are shown apparatuses 31
and 32 for invoking functionality of the Operating Systems
61 and 62 of computing devices Client Device 11
and Next Client Device 12, respectively. The apparatuses
31 and 32 are connected to the Operating Systems
61 and 62 of computing devices Client Device 11
and Next Client Device 12, respectively. The apparatus
31 comprises a means or mechanism for invoking functionality
of an Operating System 61 of a Client Device
11 to: instruct the Operating System 61 to temporarily
suspend user intervention of the Client Device 11 during
the execution of the functionality of the apparatus 31
and 32; instruct the apparatus 32 to instruct the Operating
System 62 to temporarily suspend user intervention
of the Next Client Device 12 during the execution of the
functionality of the apparatus 31 and 32; conduct
encrypted communications through use of a Transceiver
71 connected to a Communication Means 120;
decrypt a Computer File and/or Program 110 from Storage
101 and store an electronic copy thereof, and store
the associated permissions and/or rights, in RAM 81;
encrypt and transmit a Computer File and/or Program
110, and its associated permissions and/or rights, to a
Next Client Device 12 through use of a Transceiver 71
connected to a Communication Means 120; and then
erase any electronic copies of said Computer File
and/or Program 110 from RAM 81; and, in the case of a
move of said Computer File and/or Program 110 from
Storage 101 to Storage 102, then erase any electronic
copies of said Computer File and/or Program 110 from
Storage 101; instruct the Operating System 61 to
restore user intervention of the Client Device 11 upon
completion of the execution of the functionality of the
apparatus 31.

[0036] The apparatus 32 comprises a means or
mechanism for invoking functionality of an Operating
System 62 of a Next Client Device 12 to: instruct the
Operating System 62 to temporarily suspend user intervention
of the Next Client Device 12 during the execution
of the functionality of the apparatus 31 and 32;
conduct encrypted communications through use of a
Transceiver 71 connected to a Communication Means
120; receive and decrypt a Computer File and/or Program
110, and its associated permissions and/or rights,
from transmission from a Client Device 11 through use
of a Transceiver 72 connected to a Communication
Means 120 and store an electronic copy thereof in RAM
82; encrypt and save said Computer File and/or Program
110 from RAM 82 to Storage 102 using said associated
permissions and/or rights, and then erase any
electronic copies of said Computer File and/or Program
110 from RAM 82; instruct the Operating System 62 to
restore user intervention of the Next Client Device 12
upon completion of the execution of the functionality of
the apparatus 32.

[0037] Referring now to Fig. 1 and Fig. 3, one preferred
embodiment of the invention is comprised of the
following:
[0038] In Fig. 1 and Fig. 3, the following components
are already commercially available: the Serving
Device 10, the Client Device 11, the Serving Interface
20, the Client Interface 21, the Public Key Infrastructure
40, the Public Key Infrastructure 41, the Encrypting File
System 50, the Encrypting File System 51, the Operating
System 60, the Operating System 61, the Transceiver
70, the Transceiver 71, the Random Access
Memory 80 (also "RAM 80"), the Random Access Memory
81 (also "RAM 81"), the Processor 90, the Processor
91, the Storage 100, the Storage 101, the Computer
File and/or Program 110 (also "File and/or Program
110"), and the Communication Means 120. The Controlling
Serving Software and/or Firmware 30 (also
"Serving CSS and/or F 30"), and the Controlling Client
Software and/or Firmware 31 (also "Client CCS and/or
F 31") are new teachings of this invention.
[0039] Referring now to Fig. 2 and Fig. 4, one preferred
embodiment of the invention is comprised of the
following:
[0040] In Fig. 2 and/or Fig. 4, the following components
are already commercially available: the Client
Device 11, the Next Client Device 12, the Client Interface
21, the Next Client Interface 22, the Public Key
Infrastructure 41, the Public Key Infrastructure 42, the
Encrypting File System 51, the Encrypting File System
52, the Operating System 61, the Operating System 62,
the Transceiver 71, the Transceiver 72, the Random
Access Memory 81 (also "RAM 81"), the Random
Access Memory 82 (also "RAM 82"), the Processor 91,
the Processor 92, the Storage 101, the Storage 102, the
Computer File and/or Program 110 (also "File and/or
Program 110"), and the Communication Means 120.
The Controlling Client Software and/or Firmware 31
(also "Client CCS and/or F 31"), and the Controlling Client
Software and/or Firmware 32 (also "Next Client
CCS and/or F 32") are new teachings of this invention.
[0041] The Serving Device 10 (such as, but not limited
to, a Web Server, PC, Mac, PalmPC, Laptop, etc.) is
a means or mechanism which can electronically communicate
with other computing devices. The Serving
Device 10 is also a means or mechanism by which computer
files can be transmitted to other computing
devices. The Serving Device 10 may contain a video
display, audio speakers, and other computing peripherals.

[0042] The Client Device 11 (such as, but not limited
to, a Web Server, PC, Mac, PalmPC, Laptop, etc.) is
a means or mechanism by which computer files can be
transmitted to or from other computing devices. The Client
Device 11 is also a means or mechanism by which
computer files can be received from other computing
devices. The Client Device 11 may contain a video display,
audio speakers, and other computing peripherals.
[0043] The Next Client Device 12 (such as, but not 
limited to, a Web Server, PC, Mac, PalmPC, Laptop, 
etc.) is a means or mechanism by which computer files 
can be transmitted to or from other computing devices. 
The Next Client Device 12 is also a means or mecha- 
nism by which computer files can be received from other 
computing devices. The Next Client Device 12 may con- 
tain a video display, audio speakers, and other comput- 
ing peripherals. 

[0044] The Serving Interface 20 (such as, but not 
limited to, web server commerce software such as the 
Microsoft Commerce Server) is a means or mechanism 
which can receive and execute requests transmitted 
from another computing device. 
[0045] The Client Interface 21 (such as, but not lim- 
ited to, web browser software such as the Microsoft 
Internet Explorer) is a means or mechanism which can 
transmit requests to another computing device and can 
display the contents of the Serving Interface 20 and the 
Next Client Interface 22. 

[0046] The Next Client Interface 22 (such as, but 
not limited to, web browser software such as the Micro- 
soft Internet Explorer) is a means or mechanism which 
can transmit requests to another computing device and 
can display the contents of the Client Interface 21.
[0047] The Controlling Serving Software and/or
Firmware 30 is a means or mechanism to instruct the
Operating System 60, or a communication program
thereof, to communicate with a Client Device 11 via
Communication Means 120. The Controlling Serving
Software and/or Firmware 30 is also a means or mechanism
to instruct the Controlling Client Software and/or
Firmware 31 to instruct the Operating System 61 to
temporarily suspend user intervention of the Client
Device 11 during the execution of the functionality of the
Controlling Serving Software and/or Firmware 30 and
the Controlling Client Software and/or Firmware 31. The
Controlling Serving Software and/or Firmware 30 is also
a means or mechanism to receive instructions from a
Controlling Client Software and/or Firmware 31 via
Communication Means 120. The Controlling Serving
Software and/or Firmware 30 is also a means or mechanism
to enable the user of the Serving Device 10 to
establish third party usage permissions and/or rights to
be associated with a Computer File and/or Program 110
thereby limiting the usage of the Computer File and/or
Program 110 by the Client Device 11 or the Next Client
Device 12. The Controlling Serving Software and/or
Firmware 30 is also a means or mechanism to automatically
instruct a Public Key Infrastructure 40 of a Serving
Device 10 to encrypt and transmit usage permissions
and/or rights associated with a Computer File and/or
Program 110 and to encrypt and transmit a Computer
File and/or Program 110 to a Client Device 11 via Communication
Means 120. The Controlling Serving Software
and/or Firmware 30 may be embodied in computer
coding software (such as, but not limited to, a program
authored in the computer language C++) to execute the
described functions.

[0048] The Controlling Client Software and/or
Firmware 31 is a means or mechanism to automatically
instruct the Operating System 61, or a communication
program thereof, to communicate with a Serving Device
10 or a Next Client Device 12 via Communication
Means 120. The Controlling Client Software and/or
Firmware 31 is also a means or mechanism to receive
instructions from a Controlling Serving Software and/or
Firmware 30 via Communication Means 120. The Controlling
Client Software and/or Firmware 31 is also a
means or mechanism to instruct the Operating System
61 to temporarily suspend user intervention of the Client
Device 11 during the execution of the functionality of the
Controlling Serving Software and/or Firmware 30 and
the Controlling Client Software and/or Firmware 31. The
Controlling Client Software and/or Firmware 31 is also a
means or mechanism to automatically instruct a Public
Key Infrastructure 41 of a Client Device 11 to receive
and decrypt from transmission usage permissions
and/or rights associated with a Computer File and/or
Program 110 and to receive and decrypt from transmission
a Computer File and/or Program 110 transmitted
from a Serving Device 10 via Communication Means
120 and place an electronic copy thereof in RAM 81.
The Controlling Client Software and/or Firmware 31 is
also a means or mechanism to automatically instruct
the Encrypting File System 51 of a Client Device 11 to
recall a Computer File and/or Program 110 from RAM
81 and encrypt and save an electronic copy thereof to
Storage 101, using said permissions and/or rights associated
with said Computer File and/or Program 110 and
transmitted by the Serving Device 10. The Controlling
Client Software and/or Firmware 31 is a means or
mechanism to instruct the Operating System 61 to
restore user intervention of the Client Device 11 upon
completion of the execution of the functionality of the
Controlling Serving Software and/or Firmware 30 and
Controlling Client Software and/or Firmware 31. The
Controlling Client Software and/or Firmware 31 is a
means or mechanism to instruct the Operating System
61 to temporarily suspend user intervention of the Client
Device 11 during execution of the functionality of the
Controlling Client Software and/or Firmware 31 and
Controlling Client Software and/or Firmware 32. The
Controlling Client Software and/or Firmware 31 is a
means or mechanism to instruct the Controlling Client
Software and/or Firmware 32 to instruct the Operating
System 62 to temporarily suspend user intervention of
the Next Client Device 12 during execution of the functionality
of the Controlling Client Software and/or
Firmware 31 and Controlling Client Software and/or
Firmware 32. The Controlling Client Software and/or
Firmware 31 is also a means or mechanism to receive
instructions from a Controlling Client Software and/or
Firmware 32 of a Next Client Device 12 via Communication
Means 120. The Controlling Client Software and/or
Firmware 31 is also a means or mechanism to automatically
instruct the Encrypting File System 51 of a Client
Device 11 to decrypt a Computer File and/or Program
110 from Storage 101 and place an electronic copy
thereof in RAM 81. The Controlling Client Software
and/or Firmware 31 is also a means or mechanism to
automatically instruct the Public Key Infrastructure 41 of
a Client Device 11 to encrypt and transmit via Communication
Means 120 a Computer File and/or Program
110 to a Next Client Device 12. The Controlling Client
Software and/or Firmware 31 is also a means or mechanism
to instruct the Operating System 61 to restore
user intervention of the Client Device 11 upon completion
of the execution of the functionality of the Controlling
Client Software and/or Firmware 31. The
Controlling Client Software and/or Firmware 31 may be
embodied in computer coding software (such as, but not
limited to, a program authored in the computer language
C++) to execute the functions described hereinabove.
The Controlling Client Software and/or Firmware 31 has
many embodiments similar to those of the Controlling
Client Software and/or Firmware 32.
[0049] The Controlling Client Software and/or
Firmware 32 is a means or mechanism to automatically
instruct the Operating System 62, or a communication
program thereof, to electronically communicate with a
Client Device 12 via Communication Means 120. The
Controlling Client Software and/or Firmware 32 is also a
means or mechanism to receive instructions from a
Controlling Client Software and/or Firmware 31, of a Client
Device 11, via Communication Means 120. The
Controlling Client Software and/or Firmware 32 is also a
means or mechanism to instruct the Operating System
62 to temporarily suspend user intervention of the Next
Client Device 12 during the execution of the functionality
of the Controlling Client Software and/or Firmware 31
and the Controlling Client Software and/or Firmware 32.
The Controlling Client Software and/or Firmware 32 is
also a means or mechanism to automatically instruct
the Public Key Infrastructure 42 of a Next Client Device
12 to receive and decrypt from transmission, usage permissions
and/or rights associated with a Computer File
and/or Program 110 and to receive and decrypt from
transmission a Computer File and/or Program 110
transmitted from a Client Device 11 via Communication
Means 120 and place an electronic copy thereof in RAM
82. The Controlling Client Software and/or Firmware 32
is also a means or mechanism to automatically instruct
the Encrypting File System 52 of a Next Client Device
12 to recall a Computer File and/or Program 110 from
RAM 82 and encrypt and save an electronic copy
thereof to Storage 102, using said permissions and/or
rights associated with said Computer File and/or Program
110 and transmitted by a Client Device 11. The
Controlling Client Software and/or Firmware 32 is a
means or mechanism to instruct the Operating System
62 to restore user intervention of the Next Client Device
12 upon completion of the execution of the functionality
of the Controlling Client Software and/or Firmware 31
and Controlling Client Software and/or Firmware 32.
The Controlling Client Software and/or Firmware 32
may be embodied in computer coding software (such
as, but not limited to, a program authored in the computer
language C++) to execute the functions described
hereinabove. The Controlling Client Software and/or
Firmware 32 has many embodiments similar to those of
the Controlling Client Software and/or Firmware 31.
[0050] The Public Key Infrastructure 40 (such as,
but not limited to, the Public Key Infrastructure of Microsoft
Windows 2000 Server family, formerly known as
Microsoft Windows NT Server version 5.0) of a Serving
Device 10 is a cryptography means or mechanism
which provides public encryption and private decryption
keys enabling the Serving Device 10 to conduct
encrypted communications using encrypted communication
protocols (such as, but not limited to, secure
sockets layer (SSL), transport layer security (TLS), virtual
private network (VPN), etc.) via Communication
Means 120. The Public Key Infrastructure 40 of the
Serving Device 10 is also a cryptography means or
mechanism which provides public encryption and private
decryption keys to other components of the Operating
System 60, or applications running on the
Operating System 60.
[0051] The Public Key Infrastructure 41 (such as,
but not limited to, the Public Key Infrastructure of Microsoft
Windows 2000 professional, formerly known as
Microsoft Windows NT Workstation version 5.0) of a Client
Device 11 is a cryptography means or mechanism
which provides public encryption and private decryption
keys enabling the Client Device 11 to conduct encrypted
communications using encrypted communication protocols
(such as, but not limited to, secure sockets layer
(SSL), transport layer security (TLS), virtual private network
(VPN), etc.) via Communication Means 120. The
Public Key Infrastructure 41 of the Client Device 11 is
also a cryptography means or mechanism which provides
public encryption and private decryption keys to
other components of the Operating System 61, or applications
running on the Operating System 61.
[0052] The Public Key Infrastructure 42 (such as, 
but not limited to, the Public Key Infrastructure of Microsoft
Windows 2000 professional, formerly known as
Microsoft Windows NT Workstation version 5.0) of a 
Next Client Device 12 is a cryptography means or 
mechanism which provides public encryption and pri- 
vate decryption keys enabling said Next Client Device 
12 to conduct encrypted communications using 
encrypted communication protocols (such as, but not 
limited to, secure sockets layer (SSL), transport layer 
security (TLS), virtual private network (VPN), etc.) via 
Communication Means 120. The Public Key Infrastruc- 
ture 42 of the Next Client Device 12 is also a cryptogra- 
phy means or mechanism which provides public 
encryption and private decryption keys to other compo- 
nents of the Operating System 62, or applications run- 
ning on the Operating System 62. 
[0053] The Encrypting File System 50 (such as, but 
not limited to, the Encrypting File System of Microsoft 
Windows 2000 Server, formerly known as Microsoft 
Windows NT Server version 5.0) is a means or mecha- 
nism to permit the user of a Serving Device to manually 
select computer files or folders to encrypt or decrypt. 
The Encrypting File System 50 is also a means or 
mechanism to encrypt a Computer File and/or Program 
110 using a randomly generated and secret encryption 
and/or decryption key. The Encrypting File System 50 is
also a means or mechanism to encrypt said randomly 
generated secret encryption and/or decryption key 
using the public encryption key of the Public Key Infra- 
structure 40 and save it to Storage 100 and associating 
said randomly generated secret encryption and/or 
decryption key with said Computer File and/or Program 
110. The Encrypting File System 50 is also a means or 
mechanism to decrypt the copy of said randomly gener- 
ated secret encryption and/or decryption key associ- 
ated with said Computer File and/or Program 110 using 
the private decryption key of the Public Key Infrastruc- 
ture 40 to then decrypt said Computer File and/or Pro- 
gram 110 using said randomly generated secret 
encryption and/or decryption key in real time during 
read and write operations of the Serving Device 10. 
[0054] The Encrypting File System 51 (such as, but 
not limited to, the Encrypting File System of Microsoft 
Windows 2000 professional, formerly known as Micro- 
soft Windows NT Workstation version 5.0) is a means or 
mechanism to permit the user of a Client Device to man- 
ually select computer files or folders to encrypt or 
decrypt. The Encrypting File System 51 is also a means
or mechanism to encrypt a Computer File and/or Pro- 
gram 110 using a randomly generated and secret 
encryption and/or decryption key. The Encrypting File 
System 51 is also a means or mechanism to encrypt 
said randomly generated secret encryption and/or 
decryption key using the public encryption key of the 
Public Key Infrastructure 41 and save it to Storage 101 
and associating said randomly generated secret 
encryption and/or decryption key with said Computer 
File and/or Program 110. The Encrypting File System 
51 is also a means or mechanism to decrypt the copy of
said randomly generated secret encryption and/or
decryption key associated with said Computer File 
and/or Program 110 using the private decryption key of 
the Public Key Infrastructure 41 to then decrypt said 
Computer File and/or Program 110 using said randomly
generated secret encryption and/or decryption key in 
real time during read and write operations of the Client 
Device 11. 

[0055] The Encrypting File System 52 (such as, but
not limited to, the Encrypting File System of Microsoft
Windows 2000 professional, formerly known as Microsoft
Windows NT Workstation version 5.0) is a means or
mechanism to permit the user of a Next Client Device
12 to manually select computer files or folders to
encrypt or decrypt. The Encrypting File System 52 is
also a means or mechanism to encrypt a Computer File
and/or Program 110 using a randomly generated and
secret encryption and/or decryption key. The Encrypting
File System 52 is also a means or mechanism to
encrypt said randomly generated secret encryption
and/or decryption key using the public encryption key of
the Public Key Infrastructure 42 and save it to Storage
102 and associating said randomly generated secret
encryption and/or decryption key with said Computer
File and/or Program 110. The Encrypting File System
52 is also a means or mechanism to decrypt the copy of
said randomly generated secret encryption and/or
decryption key associated with said Computer File
and/or Program 110 using the private decryption key of
the Public Key Infrastructure 42 to then decrypt said
Computer File and/or Program 110 using said randomly
generated secret encryption and/or decryption key in
real time during read and write operations of the Next
Client Device 12.
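
The storage scheme of paragraphs [0053] to [0055] (a randomly generated per-file key encrypts the file, and that key is saved encrypted under the device's public key) is sketched below as an added example; it is not code from the patent. The choice of AES-256-GCM and RSA-OAEP, the StoredFile layout, the function names, the sample strings and the decision to authenticate the rights string as associated data are all assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// StoredFile is the record written to Storage (layout assumed for this example).
type StoredFile struct {
	WrappedKey []byte // per-file key, encrypted under the device public key
	Nonce      []byte // AES-GCM nonce
	Ciphertext []byte // encrypted file contents plus 16-byte auth tag
	Rights     string // usage rights: readable, but authenticated as AAD
}

// NewDeviceKey stands in for the key pair a device's PKI would provide.
func NewDeviceKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

func wipe(b []byte) {
	for i := range b { // best effort: the AES key schedule is not cleared
		b[i] = 0
	}
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts under a fresh random key, binds rights, and wraps the key for pub.
func Seal(pub *rsa.PublicKey, plaintext []byte, rights string) (*StoredFile, error) {
	fek := make([]byte, 32) // randomly generated secret key, one per file
	if _, err := rand.Read(fek); err != nil {
		return nil, err
	}
	defer wipe(fek)
	gcm, err := newGCM(fek)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fek, nil)
	if err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, []byte(rights))
	return &StoredFile{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct, Rights: rights}, nil
}

// Open unwraps the file key with the device private key, then decrypts.
func Open(priv *rsa.PrivateKey, sf *StoredFile) ([]byte, error) {
	fek, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, sf.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("file key cannot be unwrapped by this device: %w", err)
	}
	defer wipe(fek)
	gcm, err := newGCM(fek)
	if err != nil {
		return nil, err
	}
	if len(sf.Nonce) != gcm.NonceSize() {
		return nil, fmt.Errorf("malformed nonce: %d bytes", len(sf.Nonce))
	}
	pt, err := gcm.Open(nil, sf.Nonce, sf.Ciphertext, []byte(sf.Rights))
	if err != nil {
		return nil, fmt.Errorf("ciphertext or rights were modified: %w", err)
	}
	return pt, nil
}

func main() {
	client, err1 := NewDeviceKey()
	other, err2 := NewDeviceKey()
	if err1 != nil || err2 != nil {
		panic("key generation failed")
	}
	// Constructed sample file contents and rights string.
	sf, err := Seal(&client.PublicKey, []byte("constructed sample file"), "copy=no;move=yes")
	if err != nil {
		panic(err)
	}
	pt, err := Open(client, sf)
	fmt.Printf("owner device: %q %v\n", pt, err)
	_, err = Open(other, sf)
	fmt.Println("other device:", err)
	sf.Rights = "copy=yes;move=yes" // edit the stored rights in place
	_, err = Open(client, sf)
	fmt.Println("edited rights:", err)
}
```

Opening the record with another device's private key, or after the stored rights string has been edited, returns an error instead of plaintext.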

[0056] The Operating System 60 (such as, but not
limited to, the Microsoft Windows 2000 Server, formerly 
known as Microsoft Windows NT Server version 5.0) is 
a means or mechanism to permit computing functional- 
ity of a Serving Device 10. 

[0057] The Operating System 61 (such as, but not
limited to, the Microsoft Windows 2000 professional, for- 
merly known as Microsoft Windows NT Workstation ver- 
sion 5.0) is a means or mechanism to permit computing 
functionality of a Client Device 11.

[0058] The Operating System 62 (such as, but not
limited to, the Microsoft Windows 2000 professional, for- 
merly known as Microsoft Windows NT Workstation ver- 
sion 5.0) is a means or mechanism to permit computing 
functionality of a Next Client Device 12.
[0059] The Transceiver 70 (such as, but not limited
to, a modem, cable modem, network interface card,
etc.) is a means or mechanism to electronically send
and receive communication signals via a Communication
Means 120. The Transceiver 70 is a means or
mechanism used by software and/or firmware of, or
connected to, the Serving Device 10 and/or the Operating
System 60, to electronically communicate via a
Communication Means 120. The Transceiver 70 is connected
to the Serving Device 10 and is connected to the
Communication Means 120.

[0060] The Transceiver 71 (such as, but not limited 
to, a modem, cable modem, network interface card,
etc.) is a means or mechanism to electronically send 
and receive communication signals via a Communica- 
tion Means 120. The Transceiver 71 is a means or 
mechanism used by software and/or firmware of, or 
connected to, the Client Device 11 and/or the Operating 
System 61, to electronically communicate via a Com- 
munication Means 120. The Transceiver 71 is con- 
nected to the Client Device 11 and is connected to the 
Communication Means 120. 

[0061] The Transceiver 72 (such as, but not limited 
to, a modem, cable modem, network interface card,
etc.) is a means or mechanism to electronically send 
and receive communication signals via a Communica- 
tion Means 120. The Transceiver 72 is a means or 
mechanism used by software and/or firmware of, or 
connected to, the Next Client Device 12 and/or the 
Operating System 62, to electronically communicate via 
a Communication Means 120. The Transceiver 72 is 
connected to the Next Client Device 12 and is con- 
nected to the Communication Means 120.

[0062] The Random Access Memory 80 (also
"RAM 80") is a means or mechanism used by the Oper- 
ating System 60 of a Serving Device 10 to temporarily 
store computer files, computer programs or other com- 
puter information for use by the Operating System 60, 
computer programs running on the Operating System
60 or other computer peripheral devices of said Serving
Device 10. 

[0063] The Random Access Memory 81 (also
"RAM 81") is a means or mechanism used by the Oper-
ating System 61 of a Client Device 11 to temporarily
store computer files, computer programs or other com-
puter information for use by the Operating System 61,
computer programs running on the Operating System
61 or other computer peripheral devices of said Client
Device 11. 

[0064] The Random Access Memory 82 (also 
"RAM 82") is a means or mechanism used by the Oper- 
ating System 62 of a Next Client Device 12 to temporar-
ily store computer files, computer programs or other 
computer information for use by the Operating System 
62, computer programs running on the Operating Sys- 
tem 62 or other computer peripheral devices of said 
Next Client Device 12. 

[0065] The Processor 90 is a means or mechanism 
of a Serving Device 10 to electronically process instruc- 
tions of the Operating System 60, other computer pro- 
grams running on said Operating System 60 or other 
computer peripheral devices of said Serving Device 10. 
The Processor 90 is also a means or mechanism of a 
Serving Device 10 to electronically process instructions 
of other peripheral software and/or firmware devices of 
said Serving Device 10. 

[0066] The Processor 91 is a means or mechanism 
of a Client Device 11 to electronically process instruc-
tions of the Operating System 61, other computer pro-
grams running on said Operating System 61 or other
computer peripheral devices of said Client Device 11.
The Processor 91 is also a means or mechanism of a
Client Device 11 to electronically process instructions of
other peripheral software and/or firmware devices of 
said Client Device 11. 

[0067] The Processor 92 is a means or mechanism 
of a Next Client Device 12 to electronically process 
instructions of the Operating System 62, other computer 
programs running on said Operating System 62 or other 
computer peripheral devices of said Next Client Device 
12. The Processor 92 is also a means or mechanism of 
a Next Client Device 12 to electronically process 
instructions of other peripheral software and/or 
firmware devices of said Next Client Device 12.

[0068] The Storage 100 is a means or mechanism
in, or connected to, a Serving Device 10, which can be
used to electronically save an electronic copy of the dig-
ital code of a computer program or computer file from
RAM 80 of said Serving Device 10.

[0069] The Storage 101 is a means or mechanism
in, or connected to, a Client Device 11, which can be
used to electronically save an electronic copy of the dig-
ital code of a computer program or computer file from
RAM 81 of said Client Device 11.

[0070] The Storage 102 is a means or mechanism
in, or connected to, a Next Client Device 12, which can
be used to electronically save an electronic copy of the
digital code of a computer program or computer file from
RAM 82 of said Next Client Device 12.

[0071] The Computer File and/or Program 110 is a
computer file or a computer program (such as, but not
limited to, a word processing document (i.e., MS Word,
Lotus WordPro), a spreadsheet file (such as, but not
limited to, Lotus 1-2-3, MS Excel), an audio file (such as,
but not limited to, MP3, WAV, AUI), a video file (such as,
but not limited to, AVI, MPEG), an executable program
(such as, but not limited to, EXE), etc.).

[0072] The Communication Means 120 (such as,
but not limited to, telephone lines, cable TV lines, coax 
cable, fiber optics, radio, cellular, satellite, serial cables, 
parallel cables, infrared communication, universal serial 
bus (USB) cables, the Internet, LAN, Ethernet, network 
generally, etc.) is a means or mechanism by which com- 
puting devices connected thereto can electronically 
communicate. The Communication Means 120 is also a 
means or mechanism by which computing devices con- 
nected thereto can invoke encrypted communication 
protocols (such as, but not limited to, secure sockets 
layer (SSL), transport layer security (TLS), virtual pri- 
vate network (VPN), etc.) to transmit and receive 
encrypted signals. The Communication Means 120 is 
connected to the Transceiver 70, 71 and 72 of a Serving 
Device 10, a Client Device 11 and a Next Client Device 
12, respectively. 

[0073] The user of the Serving Device 10 saves a
Computer File and/or Program 110 to Storage 100
within, or connected to, the Serving Device 10. The user
of the Serving Device 10 establishes a link, connection
or other form of electronic association (such as, but not
limited to, a TCP and/or IP hyperlink) (collectively the
"hyperlink") between the Serving Interface 20 and the
location of said Computer File and/or Program 110 in
Storage 100. The Transceiver 70 of the Serving Device
10 is connected to a Communication Means 120. The
user of the Serving Device 10 inputs (such as, but not
limited to, inputs via a keyboard, mouse, etc.) permis-
sions and/or rights to be associated with the Computer
File and/or Program 110 through the Controlling Serv-
ing Software and/or Firmware 30. Said permissions
include, but are not limited to, moving or copying, etc.,
and said rights include, but are not limited to, the
number of uses, expiration date of uses, assignment of
permissions and/or rights to third parties, etc.
[0074] The user of the Client Device 11 communi-
cates with the Serving Device 10 via the Communica-
tion Means 120. The Transceiver 71 of the Client Device
11 is connected to a Communication Means 120. The
user of the Client Device 11 views the Serving Interface
20 on the video display of the Client Device 11 and iden-
tifies the hyperlink associated with the desired Compu-
ter File and/or Program 110. The user of the Client
Device 11 uses the Client Interface 21 to initiate a
hyperlink transmission request (such as, but not limited
to, a double mouse click on the hyperlink associated
with said Computer File and/or Program 110) via the
Communication Means 120 to acquire said Computer
File and/or Program 110 from the Serving Device 10.
This request initiates a series of automated actions by
the Controlling Serving Software and/or Firmware 30
then by the Controlling Client Software and/or Firmware
31. First, the Controlling Serving Software and/or
Firmware 30 instructs the Controlling Client Software
and/or Firmware 31 to instruct the Operating System 61
of the Client Device 11 to temporarily suspend user
intervention to prevent any form of unauthorized data or
instruction input into or throughout the Serving Device
10 or the Client Device 11 by a means or mechanism
internal or external to either the Serving Device 10 or
the Client Device 11, such as, but not limited to, user
input or control through use of a keyboard, mouse or
other physical means or mechanism; a computer pro-
gram; macro; or any other means or mechanism which
could in any way affect the functionality of the software
and/or firmware of the present invention which could in
any way affect the functionality of any software and/or
firmware utilized by the present invention, and to pre-
vent any form of unauthorized access to, use of, control
over the Computer File and/or Program 110 during exe-
cution of the transmission request. Then the Controlling
Client Software and/or Firmware 31 instructs the Oper-
ating System 61 of the Client Device 11 to temporarily
suspend user intervention. Then the Controlling Client
Software and/or Firmware 31 instructs the Controlling
Serving Software and/or Firmware 30 to transmit the
Computer File and/or Program 110 to the Client Device
11. Then the Controlling Serving Software and/or
Firmware 30 instructs the Public Key Infrastructure 40 of
the Operating System 60 of the Serving Device 10 to
encrypt and transmit, using encrypted communication
protocols (such as, but not limited to, secure sockets
layer (SSL), transport layer security (TLS), virtual pri-
vate network (VPN), etc.), the Computer File and/or
Program 110 and its associated permissions and/or
rights to the Client Device 11. Then the Operating Sys-
tem 60 of the Serving Device 10 recalls the Computer
File and/or Program 110 from Storage 100; places an
electronic copy of the Computer File and/or Program
110 into RAM 80; and encrypts and transmits the Com-
puter File and/or Program 110 to the Client Device 11
via the Communication Means 120. Then the Public Key
Infrastructure 41 of the Operating System 61 of the Cli-
ent Device 11 receives and decrypts from transmission,
using encrypted communication protocols (such as, but
not limited to, secure sockets layer (SSL), transport
layer security (TLS), virtual private network (VPN), etc.),
said Computer File and/or Program 110 and places an
electronic copy of said Computer File and/or Program
110 into RAM 81. Then the Controlling Client Software
and/or Firmware 31 automatically instructs the Encrypt-
ing File System 51 of the Client Device 11 to encrypt
and save said electronic copy of the Computer File
and/or Program 110 from RAM 81 to Storage 101, using
the associated permissions and/or rights transmitted by
the Serving Device 10, and to then erase any electronic
copies of the Computer File and/or Program 110 from
RAM 81. Then the Controlling Client Software and/or
Firmware 31 of the Operating System 61 of the Client
Device 11 instructs the Operating System 61 of the Cli-
ent Device 11 to reestablish user intervention.
[0075] The user of the Client Device 11 may use the
Computer File and/or Program 110 saved in Storage
101, subject to the permissions and/or rights associated
therewith, as if said Computer File and/or Program 110
were not encrypted. Copies or moves of the Computer
File and/or Program 110 which are not executed by the
Encrypting File System 51, will not be properly
encrypted for use on a computing device other than the
Client Device 11. In accordance with said permissions
and/or rights, the user of the Client Device 11 may uti-
lize the Controlling Client Software and/or Firmware 31
to activate functionality of the Encrypting File System 51
to execute a move or copy of the Computer File and/or
Program 110 from Storage 101 to Storage 102 of a Next
Client Device 12. The Transceiver 72 of the Client
Device 12 is connected to a Communication Means
120. The user of the Client Device 11 views a window
(such as, but not limited to, as used by the Windows
2000 operating system) of the Client Interface 21 and
the Next Client Interface 22, which displays the relevant
contents of Storage 101 to Storage 102, respectively, on
the video display of the Client Device 11. The user iden-
tifies the object (such as, but not limited to, icon) (here-
inafter "icon") associated with the Computer File and/or
Program 110 to be moved from Storage 101 to Storage
102. The user of the Client Device 11 uses their compu-
ter mouse to move the icon (such as, but not limited to,
a graphical user interface drag-n-drop move) associated
with the Computer File and/or Program 110 from the Cli-
ent Interface 21 window to the Next Client Interface 22
window. The drag-n-drop of said icon associated with
said Computer File and/or Program 110 initiates a
series of automated actions by the Controlling Serving
Software and/or Firmware 30 then by the Controlling
Client Software and/or Firmware 31. First, the Control-
ling Client Software and/or Firmware 31 instructs the
Operating System 61 of the Client Device 11 to tempo-
rarily suspend user intervention to prevent any form of
unauthorized data or instruction input into or throughout
the Client Device 11 or the Next Client Device 12 by a
means or mechanism internal or external to either the
Client Device 11 or the Next Client Device 12, such as,
but not limited to, user input or control through use of a
keyboard, mouse or other physical means or mecha-
nism; a computer program; macro; or any other means
or mechanism which could in any way affect the func-
tionality of the software and/or firmware of the present
invention which could in any way affect the functionality
of any software and/or firmware utilized by the present
invention, and to prevent any form of unauthorized
access to, use of, control over the Computer File and/or
Program during execution of the transmission request.
Then the Controlling Client Software and/or Firmware
31 instructs the Controlling Client Software and/or
Firmware 32 to instruct the Operating System 62 of the
Next Client Device 12 to temporarily suspend user inter-
vention (such as, but not limited to, keyboard or mouse
intervention, program or macro instructions, etc.) during
execution of the transmission request. Then the Con-
trolling Client Software and/or Firmware 32 instructs the
Operating System 62 of the Next Client Device 12 to
temporarily suspend user intervention. Then the Con-
trolling Client Software and/or Firmware 32 instructs the
Controlling Client Software and/or Firmware 31 to trans-
mit said Computer File and/or Program 110 to the Next
Client Device 12. Then the Controlling Client Software
and/or Firmware 31 instructs the Encrypting File Sys-
tem 51 to recall and decrypt said Computer File and/or
Program 110, and its associated permissions and/or
rights, from Storage 101 and to save an electronic copy
thereof in RAM 81. Then the Controlling Client Software
and/or Firmware 31 instructs the Public Key Infrastruc-
ture 41 of the Operating System 61 of the Client Device
11 to encrypt and transmit the electronic copy of said
Computer File and/or Program 110 from RAM 81, and
its associated permissions and/or rights, to the Next Cli-
ent Device 12 via Communication Means 120. Then the
Controlling Client Software and/or Firmware 32
instructs the Public Key Infrastructure 42 of the Next Cli-
ent Device 12 to receive and decrypt from transmission
said Computer File and/or Program 110, and its associ-
ated permissions and/or rights, and place an electronic
copy thereof in RAM 82. In the case of a move of said
Computer File and/or Program 110 from Storage 101 to
Storage 102, upon receipt of the Computer File and/or
Program 110 into RAM 82 by the Next Client Device 12,
the Controlling Client Software and/or Firmware 32 of
the Next Client Device 12 automatically instructs the
Controlling Client Software and/or Firmware 31 of the
Client Device 11 to instruct the Operating System 61 of
the Client Device 11 to delete all copies of the Computer
File and/or Program 110 in Storage 101 or RAM 81.
Then the Controlling Client Software and/or Firmware
31 instructs the Operating System 61 to reestablish
user intervention of the Client Device 11. Then the Con-
trolling Client Software and/or Firmware 32 automati-
cally instructs the Encrypting File System 52 of the
Operating System 62 of the Next Client Device 12 to
encrypt and save to Storage 102 said electronic copy of
the Computer File and/or Program 110 from RAM 82,
using the associated permissions and/or rights trans-
mitted from the Client Device 11, and then erase all
electronic copies of the Computer File and/or Program
110 from RAM 82. Then the Controlling Client Software
and/or Firmware 32 instructs the Operating System 62
to reestablish user intervention of the Next Client Device
12.

[0076] The user of the Next Client Device 12 may, 
subject to the permissions and/or rights originally estab- 
lished and transmitted by the Serving Device 10 to the 
Client Device 11 and then to the Next Client Device 12, 
use the Computer File and/or Program 110 as if the 
Computer File and/or Program 110 were not encrypted. 
Copies or moves of the Computer File and/or Program 
110 which are not executed by the Encrypting File Sys- 
tem 52 of the Next Client Device 12, in conjunction with 
the Controlling Client Software and/or Firmware 32 of 
the Next Client Device 12, will not be properly encrypted 
for use on a computing device other than the Next Client 
Device 12. 
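The move sequence of paragraphs [0075] and [0076], modelled here as an added example; it is not code from the patent. The names `Device`, `install`, `move`, `seal` and `unseal` are hypothetical, a per-device random key stands in for the Encrypting File System key, a random session key stands in for the SSL/TLS transport, and `seal`/`unseal` are a standard-library encrypt-then-MAC stand-in rather than a production cipher.

```python
import hashlib
import hmac
import json
import os


def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def _xor_stream(key, nonce, data):
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key, plaintext):
    """Stand-in authenticated encryption (encrypt-then-MAC); an assumption, not EFS or TLS."""
    nonce = os.urandom(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    return nonce + ct + hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("blob was not sealed under this key")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)


def pack(data, perms):
    # Permissions and/or rights travel in the same sealed record as the file.
    return json.dumps(sorted(perms)).encode() + b"\n" + data


def unpack(record):
    head, data = record.split(b"\n", 1)
    return data, json.loads(head)


class Device:
    def __init__(self, name):
        self.name = name
        self.efs_key = os.urandom(32)  # device-bound key; never leaves the device
        self.storage = {}              # file name -> ciphertext at rest
        self.ram = {}                  # file name -> (plaintext, permissions)
        self.suspended = False         # True while user intervention is suspended

    def suspend(self):
        self.suspended = True

    def resume(self):
        if self.ram:
            raise RuntimeError(f"{self.name}: plaintext still in RAM")
        self.suspended = False

    def _guard(self):
        if not self.suspended:
            raise RuntimeError(f"{self.name}: user intervention is not suspended")

    def recall(self, fname):
        """Decrypt Storage -> RAM; only allowed while intervention is suspended."""
        self._guard()
        self.ram[fname] = unpack(unseal(self.efs_key, self.storage[fname]))

    def save(self, fname):
        """Encrypt RAM -> Storage under the device key, then erase the RAM copy."""
        self._guard()
        data, perms = self.ram.pop(fname)
        self.storage[fname] = seal(self.efs_key, pack(data, perms))

    def open(self, fname):
        """Ordinary use on the owning device, as if the file were not encrypted."""
        return unpack(unseal(self.efs_key, self.storage[fname]))[0]


def install(dev, fname, data, perms):
    """Receipt from the serving device ([0074]), reduced to its client-side steps."""
    dev.suspend()
    dev.ram[fname] = (data, list(perms))
    dev.save(fname)
    dev.resume()


def move(src, dst, fname):
    """Steps of the move in [0075], in the order the paragraph gives them."""
    if "move" not in unpack(unseal(src.efs_key, src.storage[fname]))[1]:
        raise PermissionError(f"{fname}: move not permitted")
    session_key = os.urandom(32)  # assumption: stands in for the encrypted transport
    src.suspend()
    dst.suspend()
    try:
        src.recall(fname)                                   # Storage 101 -> RAM 81
        wire = seal(session_key, pack(*src.ram[fname]))     # encrypt and transmit
        dst.ram[fname] = unpack(unseal(session_key, wire))  # receive into RAM 82
        del src.storage[fname]                              # a move deletes every
        del src.ram[fname]                                  # copy on the source
        src.resume()
        dst.save(fname)                                     # RAM 82 -> Storage 102
        dst.resume()
    finally:
        # The page describes no failure path; wiping RAM and resuming on error
        # is this example's own choice.
        for dev in (src, dst):
            dev.ram.clear()
            dev.suspended = False
    return wire
```

A ciphertext copied out of one device's storage by any other route fails `unseal` on the receiving device, which is the behaviour [0076] describes for copies not executed by the Encrypting File System.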

[0077] As an example, a user of the Serving Device 10
connects the Transceiver 70 of the Serving Device 10 to
a Communication Means 120 with a subsequent com-
munications connection to the Internet. The user of the
Serving Device 10 saves an audio file (such as, but not
limited to, in MP3 format), being a Computer Program
and/or File 110, in Storage 100 and assigns it a link (such
as, but not limited to, a TCP and/or IP hyperlink) to a
Serving Interface 20 (such as, but not limited to, a web
page). The user of the Client Device 11 connects the
Transceiver 71 of the Client Device 11 to a Communica-
tion Means 120 with a subsequent communications
connection to the Internet. The user of the Client Device
11 is able to view a copy of the Serving Interface 20
within the Client Interface 21 on the video display of the
Client Device 11. The user of the Client Device 11
selects the MP3 audio file for download to the Client
Device 11 by using its computer mouse to double click
on the hyperlink associated with the MP3 audio file
which is displayed on the Client Interface 21 on the
video display of the Client Device 11. The double click
action instructs the Client Interface 21 to transmit an
electronic request via Communication Means 120, to
download the MP3 audio file from the Serving Device 10
to the Client Device 11. Upon receipt of the transmis-
sion request the Serving Interface signals the Control-
ling Serving Software and/or Firmware 30 to commence
various automatic functions. The Controlling Serving
Software and/or Firmware 30 first instructs (via Com-
munication Means 120) the Controlling Client Software
and/or Firmware 31 to instruct the Operating System 61
of the Client Device 11 to temporarily suspend user
intervention. The Controlling Client Software and/or
Firmware 31 then instructs (via Communication Means
120) the Controlling Serving Software and/or Firmware
30 to transmit the MP3 audio file. The Controlling Serv-
ing Software and/or Firmware 30 instructs the Operat-
ing System 60 to recall the MP3 audio file, and its
associated permissions and/or rights, from Storage 100
and place an electronic copy thereof in Random Access
Memory 80. Then the Controlling Serving Software
and/or Firmware 30 instructs the Public Key Infrastruc-
ture 40 to encrypt and transmit an electronic copy of the
MP3 audio file, and its associated permissions and/or
rights, to the Client Device 11 via the Communication
Means 120. At this point, the Controlling Serving Soft-
ware and/or Firmware 30 has concluded its portion of
the transmission process and the program related to the
Controlling Serving Software and/or Firmware 30 termi-
nates. Upon receipt of the MP3 audio file, and its asso-
ciated permissions and/or rights, by the Client Device
11, the Public Key Infrastructure 41 decrypts the MP3
audio file and its associated permissions and/or rights
from transmission and stores an electronic copy thereof
in Random Access Memory 81. Then the Controlling
Client Software and/or Firmware 31 instructs the
Encrypting File System 51 of the Client Device 11 to
encrypt and save said electronic copy of the MP3 audio
file from Random Access Memory 81 to Storage 101,
using the associated permissions and/or rights trans-
mitted by the Serving Device 10. Then the Controlling
Client Software and/or Firmware 31 instructs
the Encrypting File System 51 or the Operating
System 61 to erase any electronic copies of the MP3
audio file from Random Access Memory 81. Then the
Controlling Client Software and/or Firmware 31 of the
Operating System 61 of the Client Device 11 instructs
the Operating System 61 of the Client Device 11 to
reestablish user intervention. At this point, the Control-
ling Client Software and/or Firmware 31 has concluded
its portion of the transmission and encryption for stor-
age process and the program related to the Controlling
Client Software and/or Firmware 31 terminates. The
user of the Client Device 11 is now able to play the MP3
audio file and the Encrypting File System 51, subject to
the permissions and/or rights used by the Encrypting
File System 51 to encrypt the MP3 audio file.
[0078] Furthermore, the user of the Client Device
11 then decides to transfer the MP3 audio file to Next
Client Device 12, and in this example, the user can do
so based on the permissions and/or rights associated
with the MP3 audio file. The user of the Client Device 11
connects the Transceiver 71 of the Client Device 11 to a
Communication Means 120 with a subsequent commu-
nications connection to the Internet. The user of the
Next Client Device 12 connects the Transceiver 72 of
the Next Client Device 12 to a Communication Means
120 with a subsequent communications connection to
the Internet. The user of the Client Device 11 views the
Client Interface 21 and a copy of the Next Client Inter-
face 22 on the video display of the Client Device 11,
which displays the relevant contents of Storage 101 and
Storage 102, respectively. The user identifies the object
(such as, but not limited to, icon) (hereinafter "icon")
associated with the MP3 audio file to be moved from
Storage 101 to Storage 102. The user of the Client
Device 11 uses its computer mouse to move the icon
(such as, but not limited to, a graphical user interface
drag-n-drop move) associated with the MP3 audio file
from the Client Interface 21 window to the Next Client
Interface 22 window. The drag-n-drop of said icon asso-
ciated with the MP3 audio file initiates a series of auto-
mated actions by the Controlling Client Software and/or
Firmware 31 then by the Controlling Client Software
and/or Firmware 32. First, the Controlling Client Soft-
ware and/or Firmware 31 instructs the Operating Sys-
tem 61 of the Client Device 11 to temporarily suspend
user intervention (such as, but not limited to, keyboard
or mouse intervention, program or macro instructions,
etc.) during execution of the transmission request. Then
the Controlling Client Software and/or Firmware 31
instructs the Controlling Client Software and/or
Firmware 32 to instruct the Operating System 62 of the
Next Client Device 12 to temporarily suspend user inter-
vention (such as, but not limited to, keyboard or mouse
intervention, program or macro instructions, etc.) during
execution of the transmission request. Then the Con-
trolling Client Software and/or Firmware 32 instructs the
Operating System 62 of the Next Client Device 12 to
temporarily suspend user intervention. Then the Con-
trolling Client Software and/or Firmware 32 instructs the
Controlling Client Software and/or Firmware 31 to trans-
mit the MP3 audio file to the Next Client Device 12.
Then the Controlling Client Software and/or Firmware
31 recalls the permissions and/or rights associated with
the MP3 audio file and used by the Encrypting File Sys-
tem 51 and instructs the Encrypting File System 51 to
recall and decrypt the MP3 audio file from Storage 101
and save an electronic copy thereof in Random Access
Memory 81. Then the Controlling Client Software and/or
Firmware 31 instructs the Public Key Infrastructure 41 of
the Operating System 61 of the Client Device 11 to
encrypt and transmit the electronic copy of the MP3
audio file from Random Access Memory 81, and its
associated permissions and/or rights, to the Next Client
Device 12 via Communication Means 120. Then the
Controlling Client Software and/or Firmware 32
instructs the Public Key Infrastructure 42 of the Next Cli-
ent Device 12 to receive and decrypt from transmission
the MP3 audio file, and its associated permissions
and/or rights, and place an electronic copy thereof in
Random Access Memory 82. In the case of a move of
the MP3 audio file from Storage 101 to Storage 102,
upon receipt of the MP3 audio file into Random Access
Memory 82 by the Next Client Device 12, the Controlling
Client Software and/or Firmware 32 of the Next Client
Device 12 automatically instructs the Controlling Client
Software and/or Firmware 31 of the Client Device 11 to
instruct the Operating System 61 and/or the Encrypting
File System 51 of the Client Device 11 to delete all cop-
ies of the MP3 audio file in Storage 101 or Random
Access Memory 81. Then the Controlling Client Soft-
ware and/or Firmware 31 instructs the Operating Sys-
tem 61 to reestablish user intervention of the Client
Device 11. Then the Controlling Client Software and/or
Firmware 32 automatically instructs the Encrypting File
System 52 of the Operating System 62 of the Next Cli-
ent Device 12 to encrypt and save to Storage 102 said
electronic copy of the MP3 audio file from Random
Access Memory 82, using the associated permissions
and/or rights transmitted from the Client Device 11, and
then erase all electronic copies of the MP3 audio file
from Random Access Memory 82. Then the Controlling
Client Software and/or Firmware 32 instructs the Oper-
ating System 62 to reestablish user intervention of the
Next Client Device 12. At this point the Controlling Cli-
ent Software and/or Firmware 32 has concluded its por-
tion of the transmission and encryption for storage
process and the program related to the Controlling Cli-
ent Software and/or Firmware 32 terminates. The user
of the Next Client Device 12 is now able to play the MP3
audio file, however, in this example the user of the Client
Device 11 is not able to play the MP3 audio file because
the file was "moved" and during the "move" process, all
copies of the MP3 audio file were erased from the Client
Device 11 upon conclusion of the "move" process. Addi-
tionally, since the MP3 audio file has been encrypted by
the Encrypting File System 51 for use on the Next Client
Device 12, traditional moves or duplications of the MP3
audio file will not be authorized by the Encrypting File
System 51 and only moves or duplications of the MP3
audio file utilizing the Controlling Client Software and/or
Firmware 32 will be authorized by the Encrypting File
System 51.

[0079] "Means or mechanism" herein refers to 35 
U.S.C. Section 112, paragraph 6. The term "means" of
"means or mechanism" is subject to 35 U.S.C. Section 
112, paragraph 6, while the term "mechanism" of 
"means or mechanism" is not subject to 35 U.S.C. Sec- 
tion 112, paragraph 6. 

[0080] Although the invention has been described 
in detail in the foregoing embodiments for the purpose 
of illustration, it is to be understood that such detail is
solely for that purpose and that variations can be made
therein by those skilled in the art without departing from
the spirit and scope of the invention except as it may be
described by the following claims.

Claims 

1. A system for manipulating a computer file and/or
program comprising:

a serving device having access to a computer
file and/or program which is unencrypted and
which can encrypt the unencrypted computer
file and/or program to become an encrypted
computer file and/or program and transfer it;
a connector connected to the serving device on
which the encrypted computer file and/or pro-
gram travels and to which the serving device
transfers the encrypted computer file and/or
program; and

a client device which receives the encrypted
computer file and/or program and decrypts the
encrypted computer file and/or program back
to the unencrypted computer file and/or pro-
gram, said client device not allowing interven-
tion to the encrypted computer file and/or
program during a time when the encrypted
computer and/or file program is received, said
serving device separate, apart and distinct
from the client device.

2. A system as described in Claim 1 wherein said
server device assigns permissions and/or rights to
the unencrypted computer file and/or program
which identifies what the client device can do with
the unencrypted or encrypted computer file and/or
program after the client device has received the
encrypted computer file and/or program or after the
client device has decrypted the encrypted compu-
ter file and/or program back to the unencrypted
computer file and/or program.

3. A system as described in Claim 2 wherein said
server device encrypts the permissions and/or
rights and transfers them to the client device
through the connector, said client device decrypts
the unencrypted permissions and/or rights.

4. A system as described in Claim 3 wherein the serv-
ing device includes controlling server software
and/or firmware which causes the encryption of the
unencrypted computer file and/or program and the
permissions and/or rights and instructs the client
device to temporarily suspend user intervention
when the client device receives the encrypted com-
puter file and/or program and the encrypted permis-
sions and/or rights.



5. A system as described in Claim 4 wherein the client 
device includes controlling client software and/or 
firmware which causes the decryption of the 
encrypted computer file and/or program. 

6. A system as described in Claim 5 wherein the client 
device has a mechanism for requesting the unen- 
crypted computer file and/or program from the 
server device. 

7. A system as described in Claim 6 wherein the con- 
trolling client software and/or firmware causes the 
encryption of the unencrypted computer file and/or 
program and the permissions and/or rights for stor- 
age. 

8. A system as described in Claim 7 wherein the client 
device has an operating system and the controller 
client software and/or firmware instructs the operat- 
ing system to reestablish user intervention at a 
desired time. 

9. A system as described in Claim 8 wherein the 
server device has a server public key infrastructure 
which encrypts using encrypted communication 
protocols the permissions and/or rights and the 
unencrypted computer file and/or program. 

10. A system as described in Claim 9 wherein the client
device has a client public key infrastructure which 
decrypts from transmission the permissions and/or 
rights and encrypted computer file and/or program 
using encrypted communication protocols. 

11. A system as described in Claim 10 wherein the cli- 
ent device includes an encrypting file system which 
encrypts the unencrypted computer file and/or pro- 
gram and the permissions and/or rights and allows 
for the manual selection of the unencrypted compu- 
ter file and/or program for encryption or decryption. 

12. A system as described in Claim 11 wherein the client 
public key infrastructure has an encryption 
and/or decryption key and the encrypting file sys- 
tem uses the encryption and/or decryption key uti- 
lized by the client public key infrastructure. 

13. A system as described in Claim 12 including a next 
client device connected to the client device through 
the connector. 

14. A system as described in Claim 13 wherein the 
controlling client software and/or firmware moves or 
copies the encrypted computer file and/or program 
to the next client device through the second con- 
nector, said client device having a controlling next 
client software and/or firmware which decrypts the 
received encrypted computer file and/or program 
and the encrypted permissions and/or rights and 
temporarily suspends user intervention of the next 
client device while the encrypted computer file 
and/or program is received by the next client 
device. 

15. A system as described in Claim 14 wherein the 
connector includes a communication link, the 
server device includes a transmitter connected to 
the communication link for transferring the 
encrypted computer file and/or program and unen- 
crypted permissions and/or rights to the communi- 
cation link, and the client device includes a receiver 
connected to the communication link which 
receives the encrypted computer file and/or pro- 
gram and the encrypted permissions and/or rights 
from the communication link. 

16. A system as described in Claim 15 wherein the first 
and second connectors are part of the Internet or 
other communication network. 

17. A method for manipulating a computer file and/or 
program comprising the steps of: 

suspending intervention by a user at a client 
device of the client device; 
encrypting an unencrypted computer file 
and/or program at the server device to form an 
encrypted computer file and/or program; 
transferring the encrypted computer file and/or 
program to the client device along a connector 
connected to the client device and the server 
device; and 
reestablishing the intervention of the client 
device by the user. 

18. A method as described in Claim 17 including before 
the transferring step, there is the step of encrypting 
permissions and/or rights of the unencrypted com- 
puter file and/or program and transferring the 
encrypted permission and/or rights to the client 
device along the connector from the server device. 

19. A method as described in Claim 18 including before 
the encrypting the unencrypted computer file 
and/or program step, there is the step of requesting 
by the client device the unencrypted computer file 
and/or program of the server device. 

20. A method as described in Claim 19 including after 
the requesting step, there is the step of copying a 
primary unencrypted computer file and/or program 
to form the unencrypted computer file and/or pro- 
gram. 

21. A method as described in Claim 20 including before 
the reestablishing step, there is the step of decrypt- 
ing the encrypted computer file and/or program 
back to the unencrypted computer file and/or pro- 
gram at the client device. 

22. A method as described in Claim 21 including after 
the decrypting step, there are the steps of encrypt- 
ing the unencrypted computer file and/or program 
and permissions and/or rights at the client device 
and storing the encrypted computer program 
and/or file and the encrypted permissions and/or 
rights in the client device. 

23. A method as described in Claim 22 including after 
the storing step, there is the step of transferring the 
encrypted computer file and/or program to a next 
client device connected to the client device by a 
second connector. 